Page MenuHomeFreeBSD
Differential D45420

mitigations.7: mention supervisor mode memory access protections
ClosedPublic
Actions

Authored by emaste on May 31 2024, 2:15 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Aug 27, 11:15 PM
Unknown Object (File)
Fri, Aug 22, 10:51 PM
Unknown Object (File)
Wed, Aug 20, 10:19 AM
Unknown Object (File)
Mon, Aug 18, 12:49 AM
Unknown Object (File)
Wed, Aug 13, 11:18 PM
Unknown Object (File)
Jun 27 2025, 10:51 PM
Unknown Object (File)
Jun 18 2025, 6:51 PM
Unknown Object (File)
Jun 8 2025, 9:30 AM
View All Files
Subscribers
andrew

Details

Reviewers
olce
imp
kib
Commits
rGf8c73ba5981c: mitigations.7: mention supervisor mode memory access protections
rG72ece341b427: mitigations.7: mention supervisor mode memory access protections

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

emaste requested review of this revision.May 31 2024, 2:15 PM
emaste created this revision.
imp accepted this revision.May 31 2024, 2:20 PM
This revision is now accepted and ready to land.May 31 2024, 2:20 PM
olce accepted this revision.May 31 2024, 2:26 PM
olce added inline comments.
share/man/man7/mitigations.7
249
emaste added inline comments.May 31 2024, 2:29 PM
share/man/man7/mitigations.7
239

small addition staged in my tree

emaste updated this revision to Diff 139260.May 31 2024, 2:50 PM
emaste added a reviewer: kib.

Describe the two different features in more detail

This revision now requires review to proceed.May 31 2024, 2:50 PM
kib added a comment.May 31 2024, 2:59 PM

It is also worth mentioning that SMAP/PAN provide very effective NULL pointer dereference protection in kernel, and make mapping a page at address zero safe.

share/man/man7/mitigations.7
239

'not owned by the kernel' is a weird formulation, I even have to stop digesting it. The right way to express it is probably 'pages accessible to userspace/non-privileged code'.

andrew added a subscriber: andrew.May 31 2024, 3:03 PM
andrew added inline comments.
share/man/man7/mitigations.7
248

I think PAN only prevents read/write as it's just for data accesses.

emaste updated this revision to Diff 139262.May 31 2024, 3:04 PM

feedback from @kib

emaste updated this revision to Diff 139263.May 31 2024, 3:05 PM

Feedback from @andrew

kib accepted this revision.May 31 2024, 3:20 PM
This revision is now accepted and ready to land.May 31 2024, 3:20 PM
Closed by commit rG72ece341b427: mitigations.7: mention supervisor mode memory access protections (authored by emaste). · Explain WhyMay 31 2024, 7:36 PM
This revision was automatically updated to reflect the committed changes.
emaste added a commit: rG72ece341b427: mitigations.7: mention supervisor mode memory access protections.
emaste added a commit: rGf8c73ba5981c: mitigations.7: mention supervisor mode memory access protections.Aug 1 2024, 2:48 PM

Revision Contents
Changeset List

PathSize
share/
man/
man7/
21 lines

Diff 139260

View Options

share/man/man7/mitigations.7

Loading...